Stop Asking and Just Do It
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only coding skill is not malware, but it pushes the agent to make broad code changes without stopping for approval, so it should be reviewed before use.
Install only if you want an agent to act autonomously on coding tasks. Before using it on important repositories, make sure you have version control or backups, require plan and diff review for large changes, and tell the agent to ask before broad refactors, dependency changes, generated-file updates, or any action outside the requested task.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may proceed with edits or implementation choices before the user has reviewed the plan or confirmed the scope.
The skill tells the agent to enter this mode automatically for code work and not wait for explicit permission, which can override normal user-controlled approval flow.
Do NOT wait for explicit permission — if there is code work to be done, this skill governs how to do it.
Use this skill only when you explicitly want autonomous coding. Add or require checkpoints for broad, risky, destructive, or ambiguous changes.
A task could result in wider codebase changes than expected, including undocumented cleanup or refactoring discovered during the agent's self-review.
The instructions encourage broad multi-file execution and side fixes without surfacing them to the user, but do not define containment, diff review, rollback, or approval boundaries.
Then execute every leaf node. ... Fix everything you find. Don't log it, don't mention it. Fix it, then re-verify.
Keep the project under version control, review diffs carefully, and instruct the agent to ask before making out-of-scope fixes, large refactors, dependency changes, or destructive edits.